Business Continuity

January 20, 2010

Whether flu, fire, flood, terrorist outrage or a less traumatic but no less devastating computer meltdown or major IT data loss, business continuity is of key importance to every organisation, large or small.

Yet, according to the Business Continuity Institute, too many organisations still relegate business continuity to the back of the priority list.

It has revealed that:

43% of companies that experience a disaster never recover;

90% of businesses that lose data are forced to close within two years; and

80% of businesses without a business continuity plan will close two years after a flood or fire.

It further estimates that the UK economy is losing £11.1bn a year, the equivalent to 0.8% of UK GDP, to major disruptions due to lack of Business Continuity Management within organisations based in the UK.

The BCI advises that the Board of every company, large or small, should focus on some key questions:

The company’s business and operating model;

Key value creating products and services;

Key dependencies such as critical assets and processes;

How the company will respond to a loss or threat to any of the above;

What the main threats are today and what is on the horizon; and

Evidence that the resulting business continuity plans will work in practice.

www.londonprepared.gov.uk – which was set up in the wake of the terrorist attacks on 11th September 2001, provides a guide to the five steps needed to formulate a business continuity plan:

Analyse your business;

Assess the risks;

Develop your strategy;

Review your plan; and

Train your staff.

The written plan should include the following essentials:

A description of what the plan is trying to achieve and how to make it work

Essential checklists

A description of your premises

The structure of the crisis team – who needs to do what

Emergency provision for staff

It’s important to note that these plans should not be just on paper – like fire drills, they should be tested, to ensure they are fit for purpose, and do what they are meant to do.

Would your business be facing a disaster?

If computer or telecom failure was not properly planned for and managed, would you be ready? Ask yourself the following questions…

Would your business still function if your computer or telephone systems were unavailable for three days?

Would you be able to contact your customers?

Would it hold up production?

What alternative arrangements would you be able to make and how long would it take?

What could you do to make certain you have access to vital data, even if your computer system is destroyed?

If your computer systems are stolen could sensitive information fall into the wrong hands?

What would happen if your competitor got hold of sensitive information?

Disclaimer: The information provided through Legislation Watch is for general guidance only and is not legal advice. Legislation Watch is not a substitute for Health and Safety consultancy. You should seek independent advice about any legal matter.